The Simple Email Trick that Identity Thieves Hate

“Having two identities for yourself is an example of a lack of integrity,” Mark Zuckerberg proclaimed in The Facebook Effect. Easy for him to say. Facebook has made a mint on data integrity—your personal information yoked to likes and dislikes sold to the highest bidder. But here’s some bad news for Zuck: When it comes to navigating a world filled with identity thieves, it pays to lack data integrity.

There are more than a billion records containing some form of personally identifiable information already “out there” in the wake of the mega data breaches suffered by JPMorgan Chase, Target, Home Depot and others. You should assume that your information may already be in harm’s way. There are things you can do to prepare for the inevitability of identity theft—often for a fee—and it’s a good idea to avail yourself of trusted services and features out there because they can help. Among them credit monitoring services, which can alert you to changes to your credit reports and tip you off to identity fraud, or transactional monitoring services offered by banks, credit unions, credit card issuers and certain third-party venders that notify you every time any activity occurs in your accounts. You can also get your credit scores for free every month on Credit.com—any sudden, unexpected change in your score could signal new-account fraud. While you’re doing that, bear in mind there are other no-fee tricks that can make you harder to hit.

I’ve already written about the value of lying. Making up fake answers to those authentication security questions is a way to foil would-be identity thieves—a painful lesson learned when hackers grabbed celebrity nude photos from Apple’s iCloud service last year. The wide use of Twitter, Facebook, Instagram and other social networking sites makes everyone a celebrity—at least when it comes to the “gettability” of personal factoids like mother’s maiden name, place of birth, etc.

There is another simple trick in this tradition that could put yet one more moat between you and the evil-doers of the digital realm: Change the way you use email.

It may sound ridiculous at first, but a strategic deployment of the most common and visible form of personally identifiable information—the humble email address—might be enough to send a would-be identity thief packing to an easier mark.

If you’re surprised to hear that email counts as personally identifiable information, it might be helpful to review what other kinds of information identity thieves can use to scam you. The National Institute of Standards and Technology provides a comprehensive list that includes: first and last name (with or without middle initial), home address, email address, driver’s license number, credit card numbers, any nationally recognized identification number (think SSN and passport), vehicle registration plate numbers and discrete items like date of birth, birthplace, telephone number, login name, screen name, nickname and user handles.

The Secret Email Address

While financial institutions generally don’t allow emails to double for user names, and are also more likely to implement multiple-factor authentication, they have no problem with John Q. Public choosing “johnqpublic” as a user name, and since it’s not terribly difficult to figure out what Mr. Public’s email address is, he’s vulnerable. Identity thieves like to play Sherlock Holmes. It’s all about deduction and clever guesses—often with the aid of a computer program. This matters because taking over an email account is the fastest way to control other accounts—including financial ones.

One of the easiest ways to address this cyber situation is to create a secret email address that you only use for logging in to your most sensitive financial accounts.

The same kind of “data integrity” that major data miners like Facebook market to this or that company is available on the cybercrime black market. Identity thieves also rely on data integrity. They buy your information in bulk to catch-as-catch-can on the high seas of identity-related financial fraud, and if you’ve been lying in answer to security questions and creating secret email addresses the chances are reasonable that you’ve made their job sufficiently difficult that they will move on to another bundle of personally identifiable information that is easier to exploit. This is the reason you should set up an email address used only for your most sensitive accounts. By doing this, you will undermine the integrity of your data where it matters most.

While you are changing those account credentials, take some time to change your passwords, too. As ever, it’s crucial to have good data hygiene here. A messy approach to your personal security could cost you big time—maybe not in actual dollars and cents, but for sure in the opportunity cost of hours spent getting your life back. Use different passwords for each account, and make sure your passwords are complex: at least 10 characters long with numbers as well as other symbols and a combination of lower- and uppercase letters.

There is no sure-fire way to avoid identity theft, but you can make yourself harder to hit, and creating a separate email account for your most sensitive online activity is a good foil.